@brightchain/brightchain-lib 0.19.0 → 0.21.0

package/src/lib/services/identitySealingPipeline.js

@@ -0,0 +1,288 @@
+"use strict";
+/**
+ * @fileoverview IdentitySealingPipeline — orchestrates the brokered anonymity flow.
+ *
+ * Captures real identity, generates Shamir shards, replaces identity field,
+ * distributes encrypted shards, stores IdentityRecoveryRecord, and discards plaintext.
+ *
+ * @see Requirements 14
+ * @see Design: IdentitySealingPipeline (Section 6)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IdentitySealingPipeline = exports.ANONYMOUS_ID = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const quorumErrorType_1 = require("../enumerations/quorumErrorType");
+const quorumError_1 = require("../errors/quorumError");
+const contentWithIdentity_1 = require("../interfaces/contentWithIdentity");
+/**
+ * Anonymous_ID: an all-zeroes 16-byte Uint8Array used as the creatorId
+ * when content is posted with no identity attribution.
+ */
+exports.ANONYMOUS_ID = new Uint8Array(16);
+/**
+ * Wipe a Uint8Array buffer by filling it with zeroes.
+ * Best-effort memory cleanup for sensitive data.
+ */
+function wipeBuffer(buffer) {
+    buffer.fill(0);
+}
+/**
+ * IdentitySealingPipeline orchestrates the brokered anonymity flow:
+ *
+ * 1. Captures the real creator identity before publication
+ * 2. Generates Shamir shards from the identity bytes
+ * 3. Replaces the identity field based on mode (real/alias/anonymous)
+ * 4. Encrypts each shard with the corresponding quorum member's public key via ECIES
+ * 5. Verifies shards correctly reconstruct before distributing
+ * 6. Stores the IdentityRecoveryRecord in the QuorumDatabase
+ * 7. Attaches the recovery record ID to the content metadata
+ * 8. Discards the original plaintext identity from memory
+ *
+ * @template TID - Platform ID type for frontend/backend DTO compatibility
+ */
+class IdentitySealingPipeline {
+    constructor(db, sealingService, eciesService, currentEpoch, statuteConfig) {
+        this.db = db;
+        this.sealingService = sealingService;
+        this.eciesService = eciesService;
+        this.currentEpoch = currentEpoch;
+        this.statuteConfig = statuteConfig;
+    }
+    /**
+     * Get the enhanced ID provider from the sealing service for TID ↔ bytes conversion.
+     */
+    get enhancedProvider() {
+        return this.sealingService.enhancedProviderRef;
+    }
+    /**
+     * Convert a TID to its byte representation.
+     */
+    tidToBytes(id) {
+        return this.enhancedProvider.toBytes(id);
+    }
+    /**
+     * Convert bytes back to a TID.
+     */
+    bytesToTid(bytes) {
+        return this.enhancedProvider.fromBytes(bytes);
+    }
+    /**
+     * Compute the expiration date for an identity recovery record
+     * based on the statute of limitations configuration.
+     */
+    async computeExpiresAt(contentType, createdAt) {
+        const config = await this.statuteConfig();
+        let durationMs;
+        if (config) {
+            const typeDuration = config.defaultDurations.get(contentType);
+            durationMs = typeDuration ?? config.fallbackDurationMs;
+        }
+        else {
+            // Default: 7 years in milliseconds
+            durationMs = 7 * 365.25 * 24 * 60 * 60 * 1000;
+        }
+        return new Date(createdAt.getTime() + durationMs);
+    }
+    /**
+     * Process content through the identity sealing pipeline.
+     *
+     * Steps:
+     * 1. Capture the real identity (creatorId) from the content
+     * 2. Convert identity to hex for Shamir splitting
+     * 3. Generate Shamir shards using current epoch threshold/members
+     * 4. Verify shards reconstruct correctly before distributing (Task 15.3)
+     * 5. Replace identity field based on mode (Task 15.4)
+     * 6. Encrypt each shard with the corresponding member's public key via ECIES
+     * 7. Store the IdentityRecoveryRecord
+     * 8. Attach recovery record ID to content
+     * 9. Wipe plaintext identity from memory
+     *
+     * @param content - The content with real identity to seal
+     * @param mode - The identity mode (real, alias, or anonymous)
+     * @param aliasName - Required when mode is Alias
+     * @returns The modified content and recovery record ID
+     * @throws QuorumError with IdentitySealingFailed if shard generation or distribution fails
+     * @throws QuorumError with ShardVerificationFailed if shard verification fails
+     */
+    async sealIdentity(content, mode, aliasName) {
+        // 1. Capture the real identity
+        const realIdentityBytes = this.tidToBytes(content.creatorId);
+        // Make a copy so we can wipe the original reference later
+        const identityCopy = new Uint8Array(realIdentityBytes);
+        let plaintextShares = [];
+        try {
+            // 2. Convert identity bytes to hex for Shamir splitting
+            const identityHex = (0, ecies_lib_1.uint8ArrayToHex)(identityCopy);
+            // Get current epoch for threshold and member list
+            const epoch = await this.currentEpoch();
+            const memberCount = epoch.memberIds.length;
+            const threshold = epoch.threshold;
+            if (memberCount < 1) {
+                throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.IdentitySealingFailed);
+            }
+            // 3. Generate Shamir shards via SealingService
+            try {
+                plaintextShares = this.sealingService.shamirSplit(identityHex, memberCount, threshold);
+            }
+            catch (err) {
+                if (err instanceof quorumError_1.QuorumError)
+                    throw err;
+                throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.IdentitySealingFailed);
+            }
+            // 4. Verify shards reconstruct correctly before distributing (Task 15.3)
+            this.verifyShards(plaintextShares, threshold, identityHex, memberCount);
+            // 5. Replace identity field based on mode (Task 15.4)
+            const modifiedContent = this.replaceIdentity(content, mode, aliasName);
+            // 6. Encrypt each shard with the corresponding member's public key via ECIES
+            const encryptedShardsByMemberId = new Map();
+            const encoder = new TextEncoder();
+            for (let i = 0; i < memberCount; i++) {
+                const memberId = epoch.memberIds[i];
+                const memberRecord = await this.db.getMember(memberId);
+                if (!memberRecord) {
+                    throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.IdentitySealingFailed);
+                }
+                // Encode the share string as UTF-8 bytes for ECIES encryption
+                // (Shamir shares include a structured prefix and may have odd hex length)
+                const shareBytes = encoder.encode(plaintextShares[i]);
+                const encryptedShard = await this.eciesService.encryptWithLength(memberRecord.publicKey, shareBytes);
+                encryptedShardsByMemberId.set(memberId, encryptedShard);
+            }
+            // 7. Store the IdentityRecoveryRecord
+            const now = new Date();
+            const expiresAt = await this.computeExpiresAt(content.contentType, now);
+            const recordId = (0, ecies_lib_1.uint8ArrayToHex)(this.enhancedProvider.toBytes(this.enhancedProvider.generateTyped()));
+            const recoveryRecord = {
+                id: recordId,
+                contentId: content.contentId,
+                contentType: content.contentType,
+                encryptedShardsByMemberId,
+                memberIds: [...epoch.memberIds],
+                threshold,
+                epochNumber: epoch.epochNumber,
+                expiresAt,
+                createdAt: now,
+                identityMode: mode,
+                aliasName: mode === contentWithIdentity_1.IdentityMode.Alias ? aliasName : undefined,
+            };
+            await this.db.saveIdentityRecord(recoveryRecord);
+            // 8. Attach recovery record ID to content
+            modifiedContent.identityRecoveryRecordId = recordId;
+            return {
+                modifiedContent,
+                recoveryRecordId: recordId,
+            };
+        }
+        catch (error) {
+            if (error instanceof quorumError_1.QuorumError) {
+                throw error;
+            }
+            throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.IdentitySealingFailed);
+        }
+        finally {
+            // 9. Wipe plaintext identity from memory
+            wipeBuffer(identityCopy);
+            for (let i = 0; i < plaintextShares.length; i++) {
+                plaintextShares[i] = '';
+            }
+            plaintextShares.length = 0;
+        }
+    }
+    /**
+     * Recover a sealed identity given sufficient decrypted shares.
+     *
+     * Retrieves the IdentityRecoveryRecord, validates share count,
+     * reconstructs the identity using Shamir's combine, and returns the TID.
+     *
+     * @param recoveryRecordId - The ID of the identity recovery record
+     * @param decryptedShares - Map of member ID to decrypted share hex string
+     * @returns The recovered real identity
+     * @throws QuorumError with InsufficientSharesForReconstruction if not enough shares
+     * @throws QuorumError with IdentityPermanentlyUnrecoverable if record not found
+     */
+    async recoverIdentity(recoveryRecordId, decryptedShares) {
+        const record = await this.db.getIdentityRecord(recoveryRecordId);
+        if (!record) {
+            throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.IdentityPermanentlyUnrecoverable);
+        }
+        if (decryptedShares.size < record.threshold) {
+            throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.InsufficientSharesForReconstruction);
+        }
+        const shareValues = Array.from(decryptedShares.values());
+        let reconstructedHex;
+        try {
+            reconstructedHex = this.sealingService.shamirCombine(shareValues, record.memberIds.length);
+        }
+        catch {
+            throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.InsufficientSharesForReconstruction);
+        }
+        try {
+            const identityBytes = (0, ecies_lib_1.hexToUint8Array)(reconstructedHex);
+            return this.bytesToTid(identityBytes);
+        }
+        finally {
+            // Wipe the reconstructed hex — best-effort for strings
+            reconstructedHex = '';
+        }
+    }
+    /**
+     * Verify that Shamir shards correctly reconstruct the original identity
+     * before distributing them to members.
+     *
+     * Takes a subset of shares (threshold count) and verifies they
+     * reconstruct to the original identity hex.
+     *
+     * @param shares - The plaintext Shamir shares
+     * @param threshold - The number of shares needed to reconstruct
+     * @param originalHex - The original identity hex string
+     * @param totalShares - Total number of shares generated
+     * @throws QuorumError with ShardVerificationFailed if verification fails
+     */
+    verifyShards(shares, threshold, originalHex, totalShares) {
+        const verificationSubset = shares.slice(0, threshold);
+        let reconstructed;
+        try {
+            reconstructed = this.sealingService.shamirCombine(verificationSubset, totalShares);
+        }
+        catch {
+            throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.ShardVerificationFailed);
+        }
+        if (reconstructed !== originalHex) {
+            throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.ShardVerificationFailed);
+        }
+    }
+    /**
+     * Replace the identity field on content based on the selected mode.
+     *
+     * - Real: keep creatorId as-is
+     * - Alias: replace creatorId with the alias name encoded as TID
+     * - Anonymous: replace creatorId with ANONYMOUS_ID (all-zeroes)
+     *
+     * Returns a shallow copy of the content with the identity replaced.
+     */
+    replaceIdentity(content, mode, aliasName) {
+        const modified = { ...content };
+        switch (mode) {
+            case contentWithIdentity_1.IdentityMode.Real:
+                // Keep creatorId as-is
+                break;
+            case contentWithIdentity_1.IdentityMode.Alias: {
+                if (!aliasName) {
+                    throw new quorumError_1.QuorumError(quorumErrorType_1.QuorumErrorType.IdentitySealingFailed);
+                }
+                // Generate a deterministic alias ID using a fresh GUID.
+                // The actual alias-to-identity mapping is stored in the recovery record.
+                // In production, this would be the alias's registered public key ID.
+                modified.creatorId = this.enhancedProvider.generateTyped();
+                break;
+            }
+            case contentWithIdentity_1.IdentityMode.Anonymous:
+                // Replace with all-zeroes Anonymous_ID
+                modified.creatorId = this.bytesToTid(new Uint8Array(exports.ANONYMOUS_ID));
+                break;
+        }
+        return modified;
+    }
+}
+exports.IdentitySealingPipeline = IdentitySealingPipeline;
+//# sourceMappingURL=identitySealingPipeline.js.map

package/src/lib/services/identitySealingPipeline.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identitySealingPipeline.js","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/identitySealingPipeline.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEH,0DAOoC;AACpC,qEAAkE;AAClE,uDAAoD;AACpD,2EAG2C;AAW3C;;;GAGG;AACU,QAAA,YAAY,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;AAE/C;;;GAGG;AACH,SAAS,UAAU,CAAC,MAAkB;IACpC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAa,uBAAuB;IAGlC,YACmB,EAAwB,EACxB,cAAmC,EACnC,YAA+B,EAC/B,YAA6C,EAC7C,aAA+D;QAJ/D,OAAE,GAAF,EAAE,CAAsB;QACxB,mBAAc,GAAd,cAAc,CAAqB;QACnC,iBAAY,GAAZ,YAAY,CAAmB;QAC/B,iBAAY,GAAZ,YAAY,CAAiC;QAC7C,kBAAa,GAAb,aAAa,CAAkD;IAC/E,CAAC;IAEJ;;OAEG;IACH,IAAY,gBAAgB;QAC1B,OAAO,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC;IACjD,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,EAAO;QACxB,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,KAAiB;QAClC,OAAO,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,gBAAgB,CAC5B,WAAmB,EACnB,SAAe;QAEf,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC1C,IAAI,UAAkB,CAAC;QAEvB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,YAAY,GAAG,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YAC9D,UAAU,GAAG,YAAY,IAAI,MAAM,CAAC,kBAAkB,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,mCAAmC;YACnC,UAAU,GAAG,CAAC,GAAG,MAAM,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAChD,CAAC;QAED,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,UAAU,CAAC,CAAC;IACpD,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,YAAY,CAChB,OAAiC,EACjC,IAAkB,EAClB,SAAkB;QAElB,+BAA+B;QAC/B,MAAM,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC7D,0DAA0D;QAC1D,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAEvD,IAAI,eAAe,GAAa,EAAE,CAAC;QAEnC,IAAI,CAAC;YACH,wDAAwD;YACxD,MAAM,WAAW,GAAG,IAAA,2BAAe,EAAC,YAAY,CAAC,CAAC;YAElD,kDAAkD;YAClD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YACxC,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC;YAC3C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;YAElC,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,IAAI,yBAAW,CAAC,iCAAe,CAAC,qBAAqB,CAAC,CAAC;YAC/D,CAAC;YAED,+CAA+C;YAC/C,IAAI,CAAC;gBACH,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,WAAW,CAC/C,WAAW,EACX,WAAW,EACX,SAAS,CACV,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,yBAAW;oBAAE,MAAM,GAAG,CAAC;gBAC1C,MAAM,IAAI,yBAAW,CAAC,iCAAe,CAAC,qBAAqB,CAAC,CAAC;YAC/D,CAAC;YAED,yEAAyE;YACzE,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;YAExE,sDAAsD;YACtD,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;YAEvE,6EAA6E;YAC7E,MAAM,yBAAyB,GAAG,IAAI,GAAG,EAA4B,CAAC;YACtE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;gBACrC,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBACpC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;gBACvD,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,yBAAW,CAAC,iCAAe,CAAC,qBAAqB,CAAC,CAAC;gBAC/D,CAAC;gBAED,8DAA8D;gBAC9D,0EAA0E;gBAC1E,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;gBACtD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAC9D,YAAY,CAAC,SAAS,EACtB,UAAU,CACX,CAAC;gBACF,yBAAyB,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;YAC1D,CAAC;YAED,sCAAsC;YACtC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YACxE,MAAM,QAAQ,GAAG,IAAA,2BAAe,EAC9B,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,CACrD,CAAC;YAElB,MAAM,cAAc,GAAgC;gBAClD,EAAE,EAAE,QAAQ;gBACZ,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,yBAAyB;gBACzB,SAAS,EAAE,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC;gBAC/B,SAAS;gBACT,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,SAAS;gBACT,SAAS,EAAE,GAAG;gBACd,YAAY,EAAE,IAAI;gBAClB,SAAS,EAAE,IAAI,KAAK,kCAAY,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;aAC/D,CAAC;YAEF,MAAM,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC;YAEjD,0CAA0C;YAC1C,eAAe,CAAC,wBAAwB,GAAG,QAAQ,CAAC;YAEpD,OAAO;gBACL,eAAe;gBACf,gBAAgB,EAAE,QAAQ;aAC3B,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,yBAAW,EAAE,CAAC;gBACjC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,MAAM,IAAI,yBAAW,CAAC,iCAAe,CAAC,qBAAqB,CAAC,CAAC;QAC/D,CAAC;gBAAS,CAAC;YACT,yCAAyC;YACzC,UAAU,CAAC,YAAY,CAAC,CAAC;YACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAChD,eAAe,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YAC1B,CAAC;YACD,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,eAAe,CACnB,gBAA8B,EAC9B,eAA0C;QAE1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;QACjE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,yBAAW,CAAC,iCAAe,CAAC,gCAAgC,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,eAAe,CAAC,IAAI,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YAC5C,MAAM,IAAI,yBAAW,CACnB,iCAAe,CAAC,mCAAmC,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC;QAEzD,IAAI,gBAAwB,CAAC;QAC7B,IAAI,CAAC;YACH,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,CAClD,WAAW,EACX,MAAM,CAAC,SAAS,CAAC,MAAM,CACxB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,yBAAW,CACnB,iCAAe,CAAC,mCAAmC,CACpD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAA,2BAAe,EAAC,gBAAgB,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QACxC,CAAC;gBAAS,CAAC;YACT,uDAAuD;YACvD,gBAAgB,GAAG,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;OAYG;IACK,YAAY,CAClB,MAAgB,EAChB,SAAiB,EACjB,WAAmB,EACnB,WAAmB;QAEnB,MAAM,kBAAkB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAEtD,IAAI,aAAqB,CAAC;QAC1B,IAAI,CAAC;YACH,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,CAC/C,kBAAkB,EAClB,WAAW,CACZ,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,yBAAW,CAAC,iCAAe,CAAC,uBAAuB,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,aAAa,KAAK,WAAW,EAAE,CAAC;YAClC,MAAM,IAAI,yBAAW,CAAC,iCAAe,CAAC,uBAAuB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACK,eAAe,CACrB,OAAiC,EACjC,IAAkB,EAClB,SAAkB;QAElB,MAAM,QAAQ,GAA6B,EAAE,GAAG,OAAO,EAAE,CAAC;QAE1D,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,kCAAY,CAAC,IAAI;gBACpB,uBAAuB;gBACvB,MAAM;YAER,KAAK,kCAAY,CAAC,KAAK,CAAC,CAAC,CAAC;gBACxB,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,MAAM,IAAI,yBAAW,CAAC,iCAAe,CAAC,qBAAqB,CAAC,CAAC;gBAC/D,CAAC;gBACD,wDAAwD;gBACxD,yEAAyE;gBACzE,qEAAqE;gBACrE,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC;gBAC3D,MAAM;YACR,CAAC;YAED,KAAK,kCAAY,CAAC,SAAS;gBACzB,uCAAuC;gBACvC,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,oBAAY,CAAC,CAAC,CAAC;gBACnE,MAAM;QACV,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AArTD,0DAqTC"}

package/src/lib/services/identityValidator.d.ts

@@ -0,0 +1,75 @@
+/**
+ * @fileoverview IdentityValidator — node-side identity validation on content ingestion.
+ *
+ * Validates content identity before acceptance into the block store:
+ * - Real identity: verifies signature matches public key, checks not banned/suspended
+ * - Alias identity: looks up alias, verifies active, verifies signature matches alias key, checks owner not banned
+ * - Anonymous identity: verifies Membership_Proof present and valid, content-bound
+ *
+ * @see Requirements 16
+ * @see Design: IdentityValidator (Section 8)
+ */
+import { ECIESService, PlatformID } from '@digitaldefiance/ecies-lib';
+import { ContentWithIdentity } from '../interfaces/contentWithIdentity';
+import { IIdentityValidator, IdentityValidationResult } from '../interfaces/services/identityValidator';
+import { IMembershipProofService } from '../interfaces/services/membershipProof';
+import { IQuorumDatabase } from '../interfaces/services/quorumDatabase';
+/**
+ * IdentityValidator validates content identity before ingestion into the block store.
+ *
+ * Dispatches to one of three validation paths based on the creatorId:
+ * 1. Anonymous (all-zeroes GuidV4) → verify membership proof
+ * 2. Alias (linked via identityRecoveryRecordId) → verify alias active + signature + owner not banned
+ * 3. Real identity → verify signature + not banned/suspended
+ *
+ * @template TID - Platform ID type for frontend/backend DTO compatibility
+ */
+export declare class IdentityValidator<TID extends PlatformID = Uint8Array> implements IIdentityValidator<TID> {
+    private readonly db;
+    private readonly eciesService;
+    private readonly membershipProofService;
+    constructor(db: IQuorumDatabase<TID>, eciesService: ECIESService<TID>, membershipProofService: IMembershipProofService<TID>);
+    /**
+     * Validate content identity before ingestion.
+     *
+     * Detection logic:
+     * - creatorId is all-zeroes → Anonymous mode
+     * - identityRecoveryRecordId links to an alias record → Alias mode
+     * - Otherwise → Real identity mode
+     */
+    validateContent(content: ContentWithIdentity<TID>): Promise<IdentityValidationResult>;
+    /**
+     * Validate real identity content.
+     *
+     * 1. Look up member by creatorId
+     * 2. Check member is not banned or suspended
+     * 3. Verify content signature against member's public key
+     */
+    private validateRealIdentity;
+    /**
+     * Validate alias identity content.
+     *
+     * 1. Look up alias by name
+     * 2. Verify alias is active
+     * 3. Verify content signature against alias public key
+     * 4. Check alias owner is not banned/suspended
+     */
+    private validateAliasIdentity;
+    /**
+     * Validate anonymous identity content.
+     *
+     * 1. Verify membership proof is present
+     * 2. Verify membership proof is valid against current member set
+     * 3. Verify proof is content-bound (uses content hash)
+     */
+    private validateAnonymous;
+    /**
+     * Check member status and throw if banned or suspended.
+     */
+    private checkMemberStatus;
+    /**
+     * Convert a TID to Uint8Array bytes.
+     */
+    private toBytes;
+}
+//# sourceMappingURL=identityValidator.d.ts.map

package/src/lib/services/identityValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identityValidator.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/identityValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,YAAY,EACZ,UAAU,EAIX,MAAM,4BAA4B,CAAC;AAKpC,OAAO,EACL,mBAAmB,EAEpB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACzB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AA2BxE;;;;;;;;;GASG;AACH,qBAAa,iBAAiB,CAC5B,GAAG,SAAS,UAAU,GAAG,UAAU,CACnC,YAAW,kBAAkB,CAAC,GAAG,CAAC;IAEhC,OAAO,CAAC,QAAQ,CAAC,EAAE;IACnB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;gBAFtB,EAAE,EAAE,eAAe,CAAC,GAAG,CAAC,EACxB,YAAY,EAAE,YAAY,CAAC,GAAG,CAAC,EAC/B,sBAAsB,EAAE,uBAAuB,CAAC,GAAG,CAAC;IAGvE;;;;;;;OAOG;IACG,eAAe,CACnB,OAAO,EAAE,mBAAmB,CAAC,GAAG,CAAC,GAChC,OAAO,CAAC,wBAAwB,CAAC;IA4BpC;;;;;;OAMG;YACW,oBAAoB;IAoClC;;;;;;;OAOG;YACW,qBAAqB;IA6CnC;;;;;;OAMG;YACW,iBAAiB;IAwC/B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAWzB;;OAEG;IACH,OAAO,CAAC,OAAO;CAWhB"}

package/src/lib/services/identityValidator.js

@@ -0,0 +1,202 @@
+"use strict";
+/**
+ * @fileoverview IdentityValidator — node-side identity validation on content ingestion.
+ *
+ * Validates content identity before acceptance into the block store:
+ * - Real identity: verifies signature matches public key, checks not banned/suspended
+ * - Alias identity: looks up alias, verifies active, verifies signature matches alias key, checks owner not banned
+ * - Anonymous identity: verifies Membership_Proof present and valid, content-bound
+ *
+ * @see Requirements 16
+ * @see Design: IdentityValidator (Section 8)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IdentityValidator = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const sha3_1 = require("@noble/hashes/sha3");
+const identityValidationErrorType_1 = require("../enumerations/identityValidationErrorType");
+const memberStatusType_1 = require("../enumerations/memberStatusType");
+const identityValidationError_1 = require("../errors/identityValidationError");
+const contentWithIdentity_1 = require("../interfaces/contentWithIdentity");
+const identitySealingPipeline_1 = require("./identitySealingPipeline");
+/**
+ * Check if a Uint8Array matches the all-zeroes ANONYMOUS_ID.
+ */
+function isAnonymousId(id) {
+    if (id.length !== identitySealingPipeline_1.ANONYMOUS_ID.length)
+        return false;
+    for (let i = 0; i < identitySealingPipeline_1.ANONYMOUS_ID.length; i++) {
+        if (id[i] !== 0)
+            return false;
+    }
+    return true;
+}
+/**
+ * Compute a 32-byte hash from content fields for signature/proof verification.
+ * Uses SHA3-512 truncated to 32 bytes, consistent with MembershipProofService.
+ */
+function computeContentDigest(content) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(`${content.contentId}:${content.contentType}`);
+    const fullHash = (0, sha3_1.sha3_512)(data);
+    return fullHash.slice(0, 32);
+}
+/**
+ * IdentityValidator validates content identity before ingestion into the block store.
+ *
+ * Dispatches to one of three validation paths based on the creatorId:
+ * 1. Anonymous (all-zeroes GuidV4) → verify membership proof
+ * 2. Alias (linked via identityRecoveryRecordId) → verify alias active + signature + owner not banned
+ * 3. Real identity → verify signature + not banned/suspended
+ *
+ * @template TID - Platform ID type for frontend/backend DTO compatibility
+ */
+class IdentityValidator {
+    constructor(db, eciesService, membershipProofService) {
+        this.db = db;
+        this.eciesService = eciesService;
+        this.membershipProofService = membershipProofService;
+    }
+    /**
+     * Validate content identity before ingestion.
+     *
+     * Detection logic:
+     * - creatorId is all-zeroes → Anonymous mode
+     * - identityRecoveryRecordId links to an alias record → Alias mode
+     * - Otherwise → Real identity mode
+     */
+    async validateContent(content) {
+        // Convert creatorId to bytes for anonymous check
+        const creatorIdBytes = this.toBytes(content.creatorId);
+        // 1. Check for anonymous identity (all-zeroes)
+        if (isAnonymousId(creatorIdBytes)) {
+            return this.validateAnonymous(content);
+        }
+        // 2. Determine identity mode from recovery record if present
+        if (content.identityRecoveryRecordId) {
+            const record = await this.db.getIdentityRecord(content.identityRecoveryRecordId);
+            if (record &&
+                record.identityMode === contentWithIdentity_1.IdentityMode.Alias &&
+                record.aliasName) {
+                return this.validateAliasIdentity(content, record.aliasName);
+            }
+        }
+        // 3. Default: real identity validation
+        const creatorHex = (0, ecies_lib_1.uint8ArrayToHex)(creatorIdBytes);
+        return this.validateRealIdentity(content, creatorHex);
+    }
+    /**
+     * Validate real identity content.
+     *
+     * 1. Look up member by creatorId
+     * 2. Check member is not banned or suspended
+     * 3. Verify content signature against member's public key
+     */
+    async validateRealIdentity(content, memberId) {
+        const member = await this.db.getMember(memberId);
+        if (!member || !member.isActive) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.InvalidSignature);
+        }
+        // Check banned/suspended status
+        this.checkMemberStatus(member.status);
+        // Verify signature against member's public key
+        const contentBytes = computeContentDigest(content);
+        const isValid = this.eciesService.verifyMessage(member.publicKey, contentBytes, content.signature);
+        if (!isValid) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.InvalidSignature);
+        }
+        return {
+            valid: true,
+            identityMode: contentWithIdentity_1.IdentityMode.Real,
+            resolvedMemberId: memberId,
+        };
+    }
+    /**
+     * Validate alias identity content.
+     *
+     * 1. Look up alias by name
+     * 2. Verify alias is active
+     * 3. Verify content signature against alias public key
+     * 4. Check alias owner is not banned/suspended
+     */
+    async validateAliasIdentity(content, aliasName) {
+        const alias = await this.db.getAlias(aliasName);
+        if (!alias) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.UnregisteredAlias);
+        }
+        if (!alias.isActive) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.InactiveAlias);
+        }
+        // Verify signature against alias public key
+        const contentBytes = computeContentDigest(content);
+        const isValid = this.eciesService.verifyMessage(alias.aliasPublicKey, contentBytes, content.signature);
+        if (!isValid) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.InvalidSignature);
+        }
+        // Check alias owner is not banned/suspended
+        const owner = await this.db.getMember(alias.ownerMemberId);
+        if (owner) {
+            this.checkMemberStatus(owner.status);
+        }
+        return {
+            valid: true,
+            identityMode: contentWithIdentity_1.IdentityMode.Alias,
+            resolvedMemberId: alias.ownerMemberId,
+        };
+    }
+    /**
+     * Validate anonymous identity content.
+     *
+     * 1. Verify membership proof is present
+     * 2. Verify membership proof is valid against current member set
+     * 3. Verify proof is content-bound (uses content hash)
+     */
+    async validateAnonymous(content) {
+        if (!content.membershipProof || content.membershipProof.length === 0) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.MissingMembershipProof);
+        }
+        // Get all active member public keys for ring signature verification
+        const activeMembers = await this.db.listActiveMembers();
+        const memberPublicKeys = activeMembers.map((m) => m.publicKey);
+        if (memberPublicKeys.length === 0) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.InvalidMembershipProof);
+        }
+        // Compute content hash for proof verification (content-binding)
+        const contentHash = computeContentDigest(content);
+        const isValid = await this.membershipProofService.verifyProof(content.membershipProof, memberPublicKeys, contentHash);
+        if (!isValid) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.InvalidMembershipProof);
+        }
+        return {
+            valid: true,
+            identityMode: contentWithIdentity_1.IdentityMode.Anonymous,
+        };
+    }
+    /**
+     * Check member status and throw if banned or suspended.
+     */
+    checkMemberStatus(status) {
+        if (status === memberStatusType_1.MemberStatusType.Banned) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.BannedUser);
+        }
+        if (status === memberStatusType_1.MemberStatusType.Suspended) {
+            throw new identityValidationError_1.IdentityValidationError(identityValidationErrorType_1.IdentityValidationErrorType.SuspendedUser);
+        }
+    }
+    /**
+     * Convert a TID to Uint8Array bytes.
+     */
+    toBytes(id) {
+        if (id instanceof Uint8Array) {
+            return id;
+        }
+        // For string-based IDs, encode as UTF-8
+        if (typeof id === 'string') {
+            return new TextEncoder().encode(id);
+        }
+        // For other types, try to get bytes from the object
+        return new Uint8Array(Buffer.from(String(id)));
+    }
+}
+exports.IdentityValidator = IdentityValidator;
+//# sourceMappingURL=identityValidator.js.map

package/src/lib/services/identityValidator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identityValidator.js","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/identityValidator.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAEH,0DAMoC;AACpC,6CAA8C;AAC9C,6FAA0F;AAC1F,uEAAoE;AACpE,+EAA4E;AAC5E,2EAG2C;AAO3C,uEAAyD;AAEzD;;GAEG;AACH,SAAS,aAAa,CAAC,EAAc;IACnC,IAAI,EAAE,CAAC,MAAM,KAAK,sCAAY,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,sCAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7C,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IAChC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,OAAwC;IAExC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAC3E,MAAM,QAAQ,GAAG,IAAA,eAAQ,EAAC,IAAI,CAAC,CAAC;IAChC,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAa,iBAAiB;IAG5B,YACmB,EAAwB,EACxB,YAA+B,EAC/B,sBAAoD;QAFpD,OAAE,GAAF,EAAE,CAAsB;QACxB,iBAAY,GAAZ,YAAY,CAAmB;QAC/B,2BAAsB,GAAtB,sBAAsB,CAA8B;IACpE,CAAC;IAEJ;;;;;;;OAOG;IACH,KAAK,CAAC,eAAe,CACnB,OAAiC;QAEjC,iDAAiD;QACjD,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEvD,+CAA+C;QAC/C,IAAI,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACzC,CAAC;QAED,6DAA6D;QAC7D,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,iBAAiB,CAC5C,OAAO,CAAC,wBAAwB,CACjC,CAAC;YACF,IACE,MAAM;gBACN,MAAM,CAAC,YAAY,KAAK,kCAAY,CAAC,KAAK;gBAC1C,MAAM,CAAC,SAAS,EAChB,CAAC;gBACD,OAAO,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,MAAM,UAAU,GAAG,IAAA,2BAAe,EAAC,cAAc,CAAiB,CAAC;QACnE,OAAO,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACxD,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,oBAAoB,CAChC,OAAiC,EACjC,QAAsB;QAEtB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEjD,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,iDAAuB,CAC/B,yDAA2B,CAAC,gBAAgB,CAC7C,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAEtC,+CAA+C;QAC/C,MAAM,YAAY,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,CAC7C,MAAM,CAAC,SAAS,EAChB,YAAY,EACZ,OAAO,CAAC,SAAgC,CACzC,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,iDAAuB,CAC/B,yDAA2B,CAAC,gBAAgB,CAC7C,CAAC;QACJ,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI;YACX,YAAY,EAAE,kCAAY,CAAC,IAAI;YAC/B,gBAAgB,EAAE,QAAQ;SAC3B,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,qBAAqB,CACjC,OAAiC,EACjC,SAAiB;QAEjB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAEhD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,iDAAuB,CAC/B,yDAA2B,CAAC,iBAAiB,CAC9C,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,IAAI,iDAAuB,CAC/B,yDAA2B,CAAC,aAAa,CAC1C,CAAC;QACJ,CAAC;QAED,4CAA4C;QAC5C,MAAM,YAAY,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,CAC7C,KAAK,CAAC,cAAc,EACpB,YAAY,EACZ,OAAO,CAAC,SAAgC,CACzC,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,iDAAuB,CAC/B,yDAA2B,CAAC,gBAAgB,CAC7C,CAAC;QACJ,CAAC;QAED,4CAA4C;QAC5C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC3D,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI;YACX,YAAY,EAAE,kCAAY,CAAC,KAAK;YAChC,gBAAgB,EAAE,KAAK,CAAC,aAAa;SACtC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,iBAAiB,CAC7B,OAAiC;QAEjC,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,iDAAuB,CAC/B,yDAA2B,CAAC,sBAAsB,CACnD,CAAC;QACJ,CAAC;QAED,oEAAoE;QACpE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,iBAAiB,EAAE,CAAC;QACxD,MAAM,gBAAgB,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAE/D,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,iDAAuB,CAC/B,yDAA2B,CAAC,sBAAsB,CACnD,CAAC;QACJ,CAAC;QAED,gEAAgE;QAChE,MAAM,WAAW,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAElD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAC3D,OAAO,CAAC,eAAe,EACvB,gBAAgB,EAChB,WAAW,CACZ,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,iDAAuB,CAC/B,yDAA2B,CAAC,sBAAsB,CACnD,CAAC;QACJ,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI;YACX,YAAY,EAAE,kCAAY,CAAC,SAAS;SACrC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,MAAyB;QACjD,IAAI,MAAM,KAAK,mCAAgB,CAAC,MAAM,EAAE,CAAC;YACvC,MAAM,IAAI,iDAAuB,CAAC,yDAA2B,CAAC,UAAU,CAAC,CAAC;QAC5E,CAAC;QACD,IAAI,MAAM,KAAK,mCAAgB,CAAC,SAAS,EAAE,CAAC;YAC1C,MAAM,IAAI,iDAAuB,CAC/B,yDAA2B,CAAC,aAAa,CAC1C,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,OAAO,CAAC,EAAO;QACrB,IAAI,EAAE,YAAY,UAAU,EAAE,CAAC;YAC7B,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,wCAAwC;QACxC,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC3B,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACtC,CAAC;QACD,oDAAoD;QACpD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;CACF;AA1ND,8CA0NC"}

package/src/lib/services/index.d.ts

@@ -1,13 +1,19 @@
+export * from './aliasRegistry';
+export * from './auditLogService';
 export * from './blockCapacity.service';
 export * from './blockService';
 export * from './cblService';
 export * from './checksum.service';
 export * from './crypto';
 export * from './fec.service';
+export * from './identitySealingPipeline';
+export * from './identityValidator';
 export * from './member';
+export * from './membershipProofService';
 export * from './memberStore';
 export * from './messaging';
 export * from './quorumService';
+export * from './quorumStateMachine';
 export * from './sealing.service';
 export * from './service.provider';
 export * from './serviceLocator';

package/src/lib/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,yBAAyB,CAAC;AACxC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,UAAU,CAAC;AACzB,cAAc,eAAe,CAAC;AAC9B,cAAc,UAAU,CAAC;AACzB,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,eAAe,CAAC;AAC9B,cAAc,OAAO,CAAC;AAGtB,cAAc,cAAc,CAAC;AAG7B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,yBAAyB,CAAC;AACxC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,UAAU,CAAC;AACzB,cAAc,eAAe,CAAC;AAC9B,cAAc,2BAA2B,CAAC;AAC1C,cAAc,qBAAqB,CAAC;AACpC,cAAc,UAAU,CAAC;AACzB,cAAc,0BAA0B,CAAC;AACzC,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,eAAe,CAAC;AAC9B,cAAc,OAAO,CAAC;AAGtB,cAAc,cAAc,CAAC;AAG7B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,YAAY,CAAC"}

package/src/lib/services/index.js

@@ -1,16 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./aliasRegistry"), exports);
+tslib_1.__exportStar(require("./auditLogService"), exports);
 tslib_1.__exportStar(require("./blockCapacity.service"), exports);
 tslib_1.__exportStar(require("./blockService"), exports);
 tslib_1.__exportStar(require("./cblService"), exports);
 tslib_1.__exportStar(require("./checksum.service"), exports);
 tslib_1.__exportStar(require("./crypto"), exports);
 tslib_1.__exportStar(require("./fec.service"), exports);
+tslib_1.__exportStar(require("./identitySealingPipeline"), exports);
+tslib_1.__exportStar(require("./identityValidator"), exports);
 tslib_1.__exportStar(require("./member"), exports);
+tslib_1.__exportStar(require("./membershipProofService"), exports);
 tslib_1.__exportStar(require("./memberStore"), exports);
 tslib_1.__exportStar(require("./messaging"), exports);
 tslib_1.__exportStar(require("./quorumService"), exports);
+tslib_1.__exportStar(require("./quorumStateMachine"), exports);
 tslib_1.__exportStar(require("./sealing.service"), exports);
 tslib_1.__exportStar(require("./service.provider"), exports);
 tslib_1.__exportStar(require("./serviceLocator"), exports);

package/src/lib/services/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/index.ts"],"names":[],"mappings":";;;AAAA,kEAAwC;AACxC,yDAA+B;AAC/B,uDAA6B;AAC7B,6DAAmC;AACnC,mDAAyB;AACzB,wDAA8B;AAC9B,mDAAyB;AACzB,wDAA8B;AAC9B,sDAA4B;AAC5B,0DAAgC;AAChC,4DAAkC;AAClC,6DAAmC;AACnC,2DAAiC;AACjC,8DAAoC;AACpC,0DAAgC;AAChC,gEAAsC;AACtC,wDAA8B;AAC9B,gDAAsB;AAEtB,4CAA4C;AAC5C,uDAA6B;AAE7B,8DAA8D;AAC9D,0DAAgC;AAEhC,6DAA6D;AAC7D,qDAA2B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/index.ts"],"names":[],"mappings":";;;AAAA,0DAAgC;AAChC,4DAAkC;AAClC,kEAAwC;AACxC,yDAA+B;AAC/B,uDAA6B;AAC7B,6DAAmC;AACnC,mDAAyB;AACzB,wDAA8B;AAC9B,oEAA0C;AAC1C,8DAAoC;AACpC,mDAAyB;AACzB,mEAAyC;AACzC,wDAA8B;AAC9B,sDAA4B;AAC5B,0DAAgC;AAChC,+DAAqC;AACrC,4DAAkC;AAClC,6DAAmC;AACnC,2DAAiC;AACjC,8DAAoC;AACpC,0DAAgC;AAChC,gEAAsC;AACtC,wDAA8B;AAC9B,gDAAsB;AAEtB,4CAA4C;AAC5C,uDAA6B;AAE7B,8DAA8D;AAC9D,0DAAgC;AAEhC,6DAA6D;AAC7D,qDAA2B"}

package/src/lib/services/member/memberCblService.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"memberCblService.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/services/member/memberCblService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAGhE,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAa7D,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAIlE;;GAEG;AACH,qBAAa,gBAAgB,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAC/D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAc;gBAE7B,UAAU,EAAE,WAAW;IAInC;;OAEG;IACU,eAAe,CAC1B,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EACnB,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,GACnB,OAAO,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC;IAmN1C;;;;;;;;OAQG;IACU,aAAa,CACxB,GAAG,EAAE,yBAAyB,CAAC,GAAG,CAAC,GAClC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IA0IvB;;OAEG;IACI,aAAa,IAAI,WAAW;CAGpC"}
+{"version":3,"file":"memberCblService.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/services/member/memberCblService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAGhE,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAa7D,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAgBlE;;GAEG;AACH,qBAAa,gBAAgB,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAC/D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAc;gBAE7B,UAAU,EAAE,WAAW;IAInC;;OAEG;IACU,eAAe,CAC1B,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EACnB,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,GACnB,OAAO,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC;IAmN1C;;;;;;;;OAQG;IACU,aAAa,CACxB,GAAG,EAAE,yBAAyB,CAAC,GAAG,CAAC,GAClC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IA0IvB;;OAEG;IACI,aAAa,IAAI,WAAW;CAGpC"}